From 79d58c39172ec0eb89c6f193155d4e7e04dfff47 Mon Sep 17 00:00:00 2001 
From: "Manuel J. Bernal" Date: Thu, 4 Jun 2020 21:17:33 +0200 Subject: [PATCH] Added support for Filebeat-oss and several improvements --- playbooks/wazuh-manager-oss.yml | 13 +- playbooks/wazuh-opendistro.yml | 2 +- .../ansible-elasticsearch/README.md | 2 +- .../ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/README.md | 2 +- .../ansible-kibana/defaults/main.yml | 2 +- roles/opendistro/hosts | 49 ------- .../defaults/main.yml | 4 +- .../tasks/local_actions.yml | 43 +++--- .../tasks/security_actions.yml | 7 +- .../templates/tlsconfig.yml.j2 | 11 +- .../opendistro-kibana/defaults/main.yml | 10 +- .../opendistro-kibana/tasks/main.yml | 76 ++++++++++- .../tasks/security_actions.yml | 4 +- .../templates/opendistro_kibana.yml.j2 | 4 +- roles/wazuh/ansible-filebeat-oss/README.md | 39 ++++++ .../ansible-filebeat-oss/defaults/main.yml | 30 +++++ .../handlers/main.yml | 0 .../meta/main.yml | 2 +- .../tasks/Debian.yml | 2 +- .../tasks/RMDebian.yml | 0 .../tasks/RMRedHat.yml | 2 +- .../tasks/RedHat.yml | 2 +- .../ansible-filebeat-oss/tasks/config.yml | 22 +++ .../wazuh/ansible-filebeat-oss/tasks/main.yml | 70 ++++++++++ .../tasks/security_actions.yml | 29 ++++ .../templates/elasticsearch.yml.j2 | 0 .../templates/filebeat.yml.j2 | 19 +-- roles/wazuh/ansible-filebeat/README.md | 2 +- .../wazuh/ansible-filebeat/defaults/main.yml | 4 +- roles/wazuh/ansible-filebeat/tasks/config.yml | 21 +-- roles/wazuh/ansible-filebeat/tasks/main.yml | 2 +- .../ansible-filebeat/tests/requirements.yml | 3 - roles/wazuh/ansible-filebeat/tests/test.yml | 20 --- roles/wazuh/ansible-wazuh-manager/README.md | 2 +- roles/wazuh/filebeat-oss/defaults/main.yml | 57 -------- roles/wazuh/filebeat-oss/tasks/config.yml | 39 ------ roles/wazuh/filebeat-oss/tasks/main.yml | 125 ------------------ .../filebeat-oss/tasks/security_actions.yml | 11 -- .../wazuh/filebeat-oss/tests/requirements.yml | 3 - roles/wazuh/filebeat-oss/tests/test.yml | 20 --- 41 files changed, 340 
insertions(+), 417 deletions(-) delete mode 100644 roles/opendistro/hosts create mode 100644 roles/wazuh/ansible-filebeat-oss/README.md create mode 100644 roles/wazuh/ansible-filebeat-oss/defaults/main.yml rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/handlers/main.yml (100%) rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/meta/main.yml (88%) rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/tasks/Debian.yml (91%) rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/tasks/RMDebian.yml (100%) rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/tasks/RMRedHat.yml (84%) rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/tasks/RedHat.yml (89%) create mode 100644 roles/wazuh/ansible-filebeat-oss/tasks/config.yml create mode 100644 roles/wazuh/ansible-filebeat-oss/tasks/main.yml create mode 100644 roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/templates/elasticsearch.yml.j2 (100%) rename roles/wazuh/{filebeat-oss => ansible-filebeat-oss}/templates/filebeat.yml.j2 (52%) delete mode 100644 roles/wazuh/ansible-filebeat/tests/requirements.yml delete mode 100644 roles/wazuh/ansible-filebeat/tests/test.yml delete mode 100644 roles/wazuh/filebeat-oss/defaults/main.yml delete mode 100644 roles/wazuh/filebeat-oss/tasks/config.yml delete mode 100644 roles/wazuh/filebeat-oss/tasks/main.yml delete mode 100644 roles/wazuh/filebeat-oss/tasks/security_actions.yml delete mode 100644 roles/wazuh/filebeat-oss/tests/requirements.yml delete mode 100644 roles/wazuh/filebeat-oss/tests/test.yml diff --git a/playbooks/wazuh-manager-oss.yml b/playbooks/wazuh-manager-oss.yml index 5cb9b4bd..3dc6346d 100644 --- a/playbooks/wazuh-manager-oss.yml +++ b/playbooks/wazuh-manager-oss.yml 
@@ -1,8 +1,9 @@ --- -- hosts: +- hosts: managers roles: - - role: ../roles/wazuh/ansible-wazuh-manager - - role: ../roles/wazuh/filebeat-oss - filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 - - +# - role: ../roles/wazuh/ansible-wazuh-manager + - role: ../roles/wazuh/ansible-filebeat-oss + filebeat_output_elasticsearch_hosts: + - "172.16.0.161:9200" + - "172.16.0.162:9200" + - "172.16.0.163:9200" \ No newline at end of file diff --git a/playbooks/wazuh-opendistro.yml b/playbooks/wazuh-opendistro.yml index ede8ca93..271dfa5b 100644 --- a/playbooks/wazuh-opendistro.yml +++ b/playbooks/wazuh-opendistro.yml @@ -1,4 +1,4 @@ --- -- hosts: es-cluster +- hosts: es_cluster roles: - role: ../roles/opendistro/opendistro-elasticsearch diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index c574aa9f..f37d3cec 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -134,7 +134,7 @@ It is possible to define users directly on the playbook, these must be defined o License and copyright --------------------- -WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) ### Based on previous work from geerlingguy diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 6f2528c3..019179fc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.6.2 +elastic_stack_version: 7.7.0 elasticsearch_lower_disk_requirements: false elasticrepo: 
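Review bot: The play targeting `managers` no longer installs the manager, because `# - role: ../roles/wazuh/ansible-wazuh-manager` is commented out, so wazuh-manager-oss.yml now only deploys Filebeat while its name still promises a manager; if that is intended the commit should say so, otherwise the role line should be restored. The three `filebeat_output_elasticsearch_hosts` entries are hard-coded lab addresses (172.16.0.161-163) committed into a shipped playbook; deriving them from the inventory, e.g. from `groups['es_cluster']` and the per-host `ip` variable the opendistro defaults already read through `hostvars[item]['ip']`, keeps the playbook environment-neutral. The file is also left without a trailing newline.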
diff --git a/roles/elastic-stack/ansible-kibana/README.md b/roles/elastic-stack/ansible-kibana/README.md index 593cf319..28978761 100644 --- a/roles/elastic-stack/ansible-kibana/README.md +++ b/roles/elastic-stack/ansible-kibana/README.md @@ -37,7 +37,7 @@ Example Playbook License and copyright --------------------- -WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) ### Based on previous work from geerlingguy diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index d1ddb8e1..b4bf0c88 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,7 +5,7 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.6.2 +elastic_stack_version: 7.7.0 wazuh_version: 3.12.3 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp diff --git a/roles/opendistro/hosts b/roles/opendistro/hosts deleted file mode 100644 index bd3b73e7..00000000 --- a/roles/opendistro/hosts +++ /dev/null 
@@ -1,49 +0,0 @@ -# This is the default ansible 'hosts' file. -# -# It should live in /etc/ansible/hosts -# -# - Comments begin with the '#' character -# - Blank lines are ignored -# - Groups of hosts are delimited by [header] elements -# - You can enter hostnames or ip addresses -# - A hostname/ip can be a member of multiple groups - -# Ex 1: Ungrouped hosts, specify before any group headers. - -## green.example.com -## blue.example.com -## 192.168.100.1 -## 192.168.100.10 - -# Ex 2: A collection of hosts belonging to the 'webservers' group -#[elasticsearch_first - - -es1 ansible_host=172.16.0.161 ansible_user=vagrant ip=172.16.0.161 -es2 ansible_host=172.16.0.162 ansible_user=vagrant ip=172.16.0.162 -es3 ansible_host=172.16.0.163 ansible_user=vagrant ip=172.16.0.163 -manager1 ansible_host=172.16.1.250 ansible_user=vagrant ip=172.16.1.250 - -[managers] -manager1 - -[es-cluster] -es1 -es2 -es3 -manager1 - -[kibana] -es1 - -[single-host] -172.16.1.15 ansible_ssh_user=vagrant -[elastic-cluster] -172.16.0.161 ansible_ssh_user=vagrant -172.16.0.162 ansible_ssh_user=vagrant -172.16.0.163 ansible_ssh_user=vagrant -[agents] -172.16.0.131 ansible_ssh_user=vagrant -172.16.0.132 ansible_ssh_user=vagrant -# If you have multiple hosts following a pattern you can specify -# them like this: diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 23140123..aa683033 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -1,6 +1,6 @@ --- # The OpenDistro version -opendistro_version: 1.6.0 +opendistro_version: 1.8.0 elasticsearch_cluster_name: wazuh-cluster # Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster 
@@ -28,7 +28,7 @@ opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_sec opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools opendistro_conf_path: /etc/elasticsearch/ es_nodes: |- - {% for item in groups['es-cluster'] -%} + {% for item in groups['es_cluster'] -%} {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %} {%- endfor %} diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml index b6995e5c..edaf9ef8 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml 
@@ -2,36 +2,36 @@ - block: - name: Local action | Create local temporary directory for certificates generation - local_action: - module: file + file: path: "{{ local_certs_path }}" state: directory + - name: Local action | Check that the generation tool exists + stat: + path: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" + register: tool_package + - name: Local action | Download certificates generation tool - local_action: - module: get_url + get_url: url: "{{ certs_gen_tool_url }}" dest: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" + when: not tool_package.stat.exists - name: Local action | Extract the certificates generation tool - local_action: - module: unarchive + unarchive: src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip" dest: "{{ local_certs_path }}/" - name: Local action | Add the execution bit to the binary - local_action: - module: file + file: dest: "{{ local_certs_path }}/tools/sgtlstool.sh" mode: a+x - name: Local action | Prepare the certificates generation template file - local_action: - module: template + template: src: "templates/tlsconfig.yml.j2" dest: "{{ local_certs_path }}/config/tlsconfig.yml" - - name: Create a directory if it does not exist file: path: "{{ local_certs_path }}/certs/" 
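Review bot: The new `stat` plus `when: not tool_package.stat.exists` turns `{{ local_certs_path }}` into a persistent cache for the certificate tool, but the `get_url` task still has no `checksum:`, so whatever archive already sits in that directory (under /tmp on the controller by default) is trusted and unpacked without verification; pin it with `checksum: "sha256:<expected-digest>"` (placeholder) so a partial or tampered download is refetched instead of reused. The first `file:` task creates the directory that will hold the root CA key once generation runs and sets no `mode:`; `mode: "0700"` restricts it to the controller user. The stat and download name the archive `search-guard-tlstool-{{ certs_gen_tool_version }}.zip`, while the unchanged `unarchive` line still hard-codes `search-guard-tlstool-1.7.zip`, so the role breaks as soon as `certs_gen_tool_version` differs from 1.7.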
@@ -40,20 +40,29 @@ delegate_to: localhost - name: Local action | Check if root CA file exists - local_action: - module: stat + stat: path: "{{ local_certs_path }}/certs/root-ca.key" register: root_ca_file - name: Local action | Generate the node & admin certificates in local - local_action: - module: command {{ local_certs_path }}/tools/sgtlstool.sh -c {{ local_certs_path }}/config/tlsconfig.yml -ca -crt -t {{ local_certs_path }}/certs/ -f -o + command: >- + {{ local_certs_path }}/tools/sgtlstool.sh + -c {{ local_certs_path }}/config/tlsconfig.yml + -ca -crt + -t {{ local_certs_path }}/certs/ + -f -o when: not root_ca_file.stat.exists - name: Local action | Generate the node & admin certificates using an existing root CA - local_action: - module: command {{ local_certs_path }}/tools/sgtlstool.sh -c {{ local_certs_path }}/config/tlsconfig.yml -ca -crt -t {{ local_certs_path }}/certs/ -f + command: >- + {{ local_certs_path }}/tools/sgtlstool.sh + -c {{ local_certs_path }}/config/tlsconfig.yml + -crt + -t {{ local_certs_path }}/certs/ + -f when: root_ca_file.stat.exists + run_once: true + delegate_to: localhost tags: - generate-certs \ No newline at end of file diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml index 1fee6fef..ea48874e 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml @@ -1,5 +1,4 @@ - block: - - name: Remove demo certs file: path: "{{ item }}" @@ -12,7 +11,7 @@ - name: Copy the node & admin certificates to Elasticsearch cluster copy: - src: "{{ local_certs_path }}/config/{{ item }}" + src: "{{ local_certs_path }}/certs/{{ item }}" dest: /etc/elasticsearch/ mode: 0644 with_items: 
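Review bot: Neither folded `command:` task has `creates:` or `changed_when:`, so `sgtlstool.sh … -f` re-runs and rewrites the node and admin certificates on every play and reports changed each time; the second task in particular (existing root CA) is never skipped. Because the copy tasks in security_actions.yml are gated on `install.changed`, those regenerated certificates are not redeployed, so the controller's copy drifts away from what the cluster hosts are actually using. Guarding the second task on one of the `.pem` files it produces (a `creates:` entry) or giving it an explicit `changed_when` would make the block idempotent; the enclosing block starts above this hunk.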
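Review bot: `mode: 0644` is applied to every item copied from `{{ local_certs_path }}/certs/` into /etc/elasticsearch/, and the `with_items` list (outside this hunk) presumably includes the node and admin `.key` files, which would then be world-readable on every cluster host. Copying key material separately with `mode: "0640"` and the group the Elasticsearch service runs as, keeping 0644 only for the `.pem` files, avoids that. The same `config/` to `certs/` path fix appears in the `lookup('file', …)` hunk below and in opendistro-kibana/tasks/security_actions.yml.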
@@ -28,7 +27,7 @@ - name: Copy the OpenDistro security configuration file to cluster blockinfile: - block: "{{ lookup('file', '{{ local_certs_path }}/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}" + block: "{{ lookup('file', '{{ local_certs_path }}/certs/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}" dest: "{{ opendistro_conf_path }}/elasticsearch.yml" insertafter: EOF marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##" @@ -76,5 +75,5 @@ run_once: true tags: - - production_ready + - security when: install.changed \ No newline at end of file diff --git a/roles/opendistro/opendistro-elasticsearch/templates/tlsconfig.yml.j2 b/roles/opendistro/opendistro-elasticsearch/templates/tlsconfig.yml.j2 index f5ee89bc..0f7671e2 100644 --- a/roles/opendistro/opendistro-elasticsearch/templates/tlsconfig.yml.j2 +++ b/roles/opendistro/opendistro-elasticsearch/templates/tlsconfig.yml.j2 @@ -17,7 +17,6 @@ defaults: verifyHostnames: false resolveHostnames: false - ### ### Nodes ### @@ -25,7 +24,7 @@ defaults: # Specify the nodes of your ES cluster here # nodes: -{% for item in groups['es-cluster'] %} +{% for item in groups['es_cluster'] %} - name: {{ item }} dn: CN={{ item }}.{{ domain_name }},OU=Ops,O={{ domain_name }}\, Inc.,DC={{ domain_name }} dns: {{ item }}.{{ domain_name }} @@ -39,6 +38,14 @@ nodes: ip: {{ hostvars[item]['ip'] }} {% endfor %} {% endif %} +{% if groups['managers'] is defined and groups['managers']|length > 0 %} +{% for item in groups['managers'] %} + - name: {{ item }} + dn: CN={{ item }}.{{ domain_name }},OU=Ops,O={{ domain_name }}\, Inc.,DC={{ domain_name }} + dns: {{ item }}.{{ domain_name }} + ip: {{ hostvars[item]['ip'] }} +{% endfor %} +{% endif %} ### ### Clients ### diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 6bbf5015..611eabdd 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml 
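Review bot: The new managers block issues the Filebeat hosts their certificates from the `nodes:` section with exactly the same DN shape as the Elasticsearch nodes (`CN={{ item }}.{{ domain_name }},OU=Ops,O={{ domain_name }}\, Inc.,DC={{ domain_name }}`), so a manager certificate is indistinguishable from a cluster node certificate by DN. If the cluster's node-DN allow-list (not visible here) matches on that pattern, a compromised manager could present its Filebeat certificate as a transport-layer node identity; issuing manager certificates from the `clients:` section that follows, or with a distinct OU, keeps the client role separable. The `groups['managers'] is defined and groups['managers']|length > 0` guard is the right shape for an optional group.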
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -1,17 +1,18 @@ --- -elasticsearch_http_port: "9200" -elasticsearch_network_host: |- +elasticsearch_http_port: 9200 +elasticsearch_nodes: |- {% for item in groups['kibana'] -%} {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %} {%- endfor %} - +elasticsearch_network_host: 172.16.0.161 +elastic_api_protocol: https kibana_conf_path: /etc/kibana kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 -opendistro_version: 7.6.1 +elastic_stack_version: 7.7.0 wazuh_version: 3.12.3 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp @@ -41,6 +42,7 @@ kibana_telemetry_optin: "false" kibana_telemetry_enabled: "false" opendistro_security_user: elastic +opendistro_admin_password: changeme opendistro_kibana_user: kibanaserver opendistro_kibana_password: changeme local_certs_path: /tmp/opendistro-nodecerts diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index 2d29e0cb..94a646f8 100644 --- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -28,7 +28,6 @@ register: install tags: install - - name: Remove Kibana configuration file file: path: "{{ kibana_conf_path }}/kibana.yml" 
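Review bot: `elasticsearch_network_host: 172.16.0.161` is a hard-coded lab address in a role default, while `elasticsearch_nodes` directly above it is already derived from `groups['kibana']`; the default should come from the inventory the same way or be left for the playbook to set. `opendistro_admin_password: changeme` adds a second plaintext admin credential default next to `opendistro_kibana_password: changeme`; a default that fails loudly (no value plus an assert in tasks) is safer than one that silently works. `elastic_api_protocol: https` is also overwritten unconditionally by the `set_fact` in tasks/main.yml of this commit, so the value set here is dead.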
@@ -48,11 +47,82 @@ mode: 0640 marker: "## {mark} Kibana general settings ##" notify: restart kibana - tags: - install - configure +- name: Build and Install Wazuh Kibana Plugin from sources + import_tasks: build_wazuh_plugin.yml + when: + - build_from_sources is defined + - build_from_sources + +- name: Install Wazuh Plugin (can take a while) + shell: >- + NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip + args: + executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana + become: yes + become_user: kibana + notify: restart kibana + tags: + - install + - skip_ansible_lint + when: + - not build_from_sources + +- name: Kibana optimization (can take a while) + shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli --optimize + args: + executable: /bin/bash + become: yes + become_user: kibana + changed_when: false + tags: + - skip_ansible_lint + +- name: Wait for Elasticsearch port + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} + +- name: Select correct API protocol + set_fact: + elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" + +- name: Attempting to delete legacy Wazuh index if exists + uri: + url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" + method: DELETE + user: "admin" + password: "{{ opendistro_admin_password }}" + validate_certs: no + status_code: 200, 404 + +- name: Create wazuh plugin config directory + file: + path: /usr/share/kibana/optimize/wazuh/config/ + state: directory + recurse: yes + owner: kibana + group: kibana + mode: 0751 + changed_when: False + +- name: Configure Wazuh Kibana Plugin + template: + src: wazuh.yml.j2 + dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml + owner: kibana + group: kibana + mode: 0751 + changed_when: False + 
+- name: Reload systemd configuration + systemd: + daemon_reload: true + - name: Ensure Kibana started and enabled service: name: kibana @@ -60,4 +130,4 @@ state: started - import_tasks: RMRedHat.yml - when: ansible_os_family == 'RedHat' + when: ansible_os_family == 'RedHat' \ No newline at end of file diff --git a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml index 96b787c9..be63c9ea 100644 --- a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml +++ b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml @@ -2,12 +2,12 @@ - name: Copy the certificates from local to the Kibana instance copy: - src: "{{ local_certs_path }}/config/{{ item }}" + src: "{{ local_certs_path }}/certs/{{ item }}" dest: /usr/share/kibana mode: 0644 with_items: - "{{ inventory_hostname }}_http.key" - "{{ inventory_hostname }}_http.pem" tags: - - production_ready + - security when: install.changed \ No newline at end of file diff --git a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 index c526fcda..702de5e2 100644 --- a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 +++ b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 @@ -8,9 +8,9 @@ server.maxPayloadBytes: {{ kibana_max_payload_bytes }} server.name: {{ kibana_server_name }} server.host: {{ kibana_server_host }} {% if kibana_opendistro_security %} -elasticsearch.hosts: "https://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +elasticsearch.hosts: "https://{{ elasticsearch_nodes }}:{{ elasticsearch_http_port }}" {% else %} -elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +elasticsearch.hosts: "http://{{ elasticsearch_nodes }}:{{ elasticsearch_http_port }}" {% endif %} elasticsearch.username: {{ opendistro_kibana_user }} 
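Review bot: The `uri` task that deletes the legacy `.wazuh` index sends the admin password with `validate_certs: no`, so the credential goes to whatever answers at `{{ elasticsearch_network_host }}` without the server being verified; the role already has the cluster CA at `{{ local_certs_path }}/certs/root-ca.pem` on the controller, so copy it alongside the http key pair in security_actions.yml and use `ca_path` with that file instead of `validate_certs: no`. The task also hard-codes `user: "admin"` while the defaults define `opendistro_security_user`. The `set_fact` for `elastic_api_protocol` tests `kibana_xpack_security`, which is not defined in this role's defaults, whereas opendistro_kibana.yml.j2 branches on `kibana_opendistro_security`; the two names look like they should agree. The directory and wazuh.yml tasks set `mode: 0751` and `changed_when: False`, which gives a configuration file execute bits and hides real changes from the play summary; `mode: "0640"` for wazuh.yml without the `changed_when` override is the expected form.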
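Review bot: `elasticsearch.hosts: "https://{{ elasticsearch_nodes }}:{{ elasticsearch_http_port }}"` only works for a single host: `elasticsearch_nodes` (defaults/main.yml in this commit) joins the addresses with `","`, so with two or more kibana-group members the rendered value is `"https://a","b","c:9200"`, where only the first entry carries the scheme and only the last the port, and the line is not a valid YAML list. Rendering a real list, with a Jinja loop emitting one `- "https://{{ hostvars[item]['ip'] }}:{{ elasticsearch_http_port }}"` per host, fixes both the https and the http branch.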
diff --git a/roles/wazuh/ansible-filebeat-oss/README.md b/roles/wazuh/ansible-filebeat-oss/README.md new file mode 100644 index 00000000..bed47531 --- /dev/null +++ b/roles/wazuh/ansible-filebeat-oss/README.md @@ -0,0 +1,39 @@ +Ansible Role: Filebeat for Elastic Stack +------------------------------------ + +An Ansible Role that installs [Filebeat-oss](https://www.elastic.co/products/beats/filebeat), this can be used in conjunction with [ansible-wazuh-manager](https://github.com/wazuh/wazuh-ansible/ansible-wazuh-server). + +Requirements +------------ + +This role will work on: + * Red Hat + * CentOS + * Fedora + * Debian + * Ubuntu + +Role Variables +-------------- + +Available variables are listed below, along with default values (see `defaults/main.yml`): + +``` + filebeat_output_elasticsearch_enabled: false + filebeat_output_elasticsearch_hosts: + - "localhost:9200" + +``` + +License and copyright +--------------------- + +WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) + +### Based on previous work from geerlingguy + + - https://github.com/geerlingguy/ansible-role-filebeat + +### Modified by Wazuh + +The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml new file mode 100644 index 00000000..7603fd51 --- /dev/null +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml 
@@ -0,0 +1,30 @@ +--- +filebeat_version: 7.7.0 + +filebeat_create_config: true + +filebeat_output_elasticsearch_enabled: false +filebeat_output_elasticsearch_hosts: + - "localhost:9200" + +filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat +filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz +filebeat_module_package_path: /tmp/ +filebeat_module_destination: /usr/share/filebeat/module +filebeat_module_folder: /usr/share/filebeat/module/wazuh +elasticsearch_security_user: admin +elasticsearch_security_password: changeme +# Security plugin +filebeat_security: true +filebeat_security_user: admin +filebeat_security_password: changeme +filebeat_ssl_dir: /etc/pki/filebeat + +# Local path to store the generated certificates (OpenDistro security plugin) +local_certs_path: /tmp/opendistro-nodecerts + +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/oss-7.x/apt' + yum: 'https://artifacts.elastic.co/packages/oss-7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/filebeat-oss/handlers/main.yml b/roles/wazuh/ansible-filebeat-oss/handlers/main.yml similarity index 100% rename from roles/wazuh/filebeat-oss/handlers/main.yml rename to roles/wazuh/ansible-filebeat-oss/handlers/main.yml diff --git a/roles/wazuh/filebeat-oss/meta/main.yml b/roles/wazuh/ansible-filebeat-oss/meta/main.yml similarity index 88% rename from roles/wazuh/filebeat-oss/meta/main.yml rename to roles/wazuh/ansible-filebeat-oss/meta/main.yml index 240b2d08..4fd7e900 100644 --- a/roles/wazuh/filebeat-oss/meta/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/meta/main.yml @@ -3,7 +3,7 @@ dependencies: [] galaxy_info: author: Wazuh - description: Installing and maintaining filebeat server. + description: Installing and maintaining Filebeat-oss. company: wazuh.com license: license (GPLv3) min_ansible_version: 2.0 
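Review bot: `elasticsearch_security_user`/`elasticsearch_security_password` and `filebeat_security_user`/`filebeat_security_password` are two parallel credential pairs with identical defaults; the filebeat.yml.j2 template in this commit reads only the `elasticsearch_security_*` pair, so the `filebeat_security_*` pair is dead and a user who sets it gets no effect. Keep one pair and list it in the new README, which currently documents only the two `filebeat_output_elasticsearch_*` variables. `filebeat_output_elasticsearch_enabled: false` appears to have no consumer either: the template's `output.elasticsearch:` block is context in the template hunk, i.e. emitted unconditionally, so the flag should gate that block or be dropped. `changeme` as the default password silently works against a production cluster; no default plus an assert in tasks would fail early instead.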
diff --git a/roles/wazuh/filebeat-oss/tasks/Debian.yml b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml similarity index 91% rename from roles/wazuh/filebeat-oss/tasks/Debian.yml rename to roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml index a87bb2bf..33c94cf6 100644 --- a/roles/wazuh/filebeat-oss/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml @@ -14,7 +14,7 @@ id: "{{ elasticrepo.key_id }}" state: present -- name: Debian/Ubuntu | Add Filebeat repository. +- name: Debian/Ubuntu | Add Filebeat-oss repository. apt_repository: repo: "deb {{ elasticrepo.apt }} stable main" state: present diff --git a/roles/wazuh/filebeat-oss/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml similarity index 100% rename from roles/wazuh/filebeat-oss/tasks/RMDebian.yml rename to roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml diff --git a/roles/wazuh/filebeat-oss/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml similarity index 84% rename from roles/wazuh/filebeat-oss/tasks/RMRedHat.yml rename to roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml index 1cf84081..8565894e 100644 --- a/roles/wazuh/filebeat-oss/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) yum_repository: - name: elastic_repo_7 + name: elastic_oss-repo_7 state: absent changed_when: false diff --git a/roles/wazuh/filebeat-oss/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml similarity index 89% rename from roles/wazuh/filebeat-oss/tasks/RedHat.yml rename to roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml index 23948b37..74873aca 100644 --- a/roles/wazuh/filebeat-oss/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml 
@@ -1,7 +1,7 @@ --- - name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo yum_repository: - name: elastic_repo_7 + name: elastic_oss-repo_7 description: Elastic repository for 7.x packages baseurl: "{{ elasticrepo.yum }}" gpgkey: "{{ elasticrepo.gpg }}" diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/config.yml b/roles/wazuh/ansible-filebeat-oss/tasks/config.yml new file mode 100644 index 00000000..f64c8ceb --- /dev/null +++ b/roles/wazuh/ansible-filebeat-oss/tasks/config.yml @@ -0,0 +1,22 @@ +--- +- block: + - name: Copy Filebeat configuration. + template: + src: filebeat.yml.j2 + dest: "/etc/filebeat/filebeat.yml" + owner: root + group: root + mode: 0400 + notify: restart filebeat + + - name: Copy Elasticsearch template. + template: + src: elasticsearch.yml.j2 + dest: "/etc/filebeat/wazuh-template.json" + owner: root + group: root + mode: 0400 + notify: restart filebeat + + tags: + - configure \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml new file mode 100644 index 00000000..e9c3ead6 --- /dev/null +++ b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml 
@@ -0,0 +1,70 @@ +--- +- include_tasks: RedHat.yml + when: ansible_os_family == 'RedHat' + +- include_tasks: Debian.yml + when: ansible_os_family == 'Debian' + +- name: Install Filebeat + package: + name: filebeat + state: present + register: install + tags: + - install + - init + +- include_tasks: security_actions.yml + when: ansible_os_family == 'RedHat' + +- name: Checking if Filebeat Module folder file exists + stat: + path: "{{ filebeat_module_folder }}" + register: filebeat_module_folder + +- name: Download Filebeat module package + get_url: + url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}" + dest: "{{ filebeat_module_package_path }}" + when: not filebeat_module_folder.stat.exists + +- name: Unpack Filebeat module package + unarchive: + src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + dest: "{{ filebeat_module_destination }}" + remote_src: yes + when: not filebeat_module_folder.stat.exists + +- name: Setting 0755 permission for Filebeat module folder + file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + when: not filebeat_module_folder.stat.exists + +- name: Checking if Filebeat Module package file exists + stat: + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + register: filebeat_module_package + when: filebeat_module_package is not defined + +- name: Delete Filebeat module package file + file: + state: absent + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + when: filebeat_module_package.stat.exists + +- import_tasks: config.yml + notify: restart filebeat + +- include_tasks: security_actions.yml + when: filebeat_security + +- name: Ensure Filebeat is started and enabled at boot. + service: + name: filebeat + state: started + enabled: true + +- include_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + +- include_tasks: "RMDebian.yml" + when: ansible_os_family == "Debian" 
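Review bot: `Setting 0755 permission for Filebeat module folder` actually applies `mode=u=rwX,g=rwX,o=rwX recurse=yes`, i.e. 0777, making the Wazuh Filebeat module tree writable by every local user; the task name states the intent, so the line should read `mode=u=rwX,g=rX,o=rX`. `include_tasks: security_actions.yml` appears twice, once `when: ansible_os_family == 'RedHat'` before the module download and once `when: filebeat_security` near the end; the first looks like a leftover from the RedHat repo include and copies certificates onto RedHat hosts even with `filebeat_security: false`. `register: filebeat_module_folder` also shadows the default variable of the same name that holds the path, so `dest={{ filebeat_module_folder }}` in the next task is presumably rendered from the stat result rather than the path; registering as `filebeat_module_folder_stat` and updating the three `when:` lines avoids that. `notify: restart filebeat` on `import_tasks: config.yml` duplicates the notify already set on each task inside config.yml.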
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml new file mode 100644 index 00000000..1af67c84 --- /dev/null +++ b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml @@ -0,0 +1,29 @@ +- block: + + - name: Ensure Filebeat SSL key pair directory exists. + file: + path: "{{ filebeat_ssl_dir }}" + state: directory + + - name: Copy the certificates from local to the Manager instance + copy: + src: "{{ local_certs_path }}/certs/{{ item }}" + dest: "{{ filebeat_ssl_dir }}" + mode: 0644 + with_items: + - "{{ inventory_hostname }}.key" + - "{{ inventory_hostname }}.pem" + - "root-ca.pem" + + - name: Ensuring folder & certs permissions + file: + path: "{{ filebeat_ssl_dir }}/" + mode: 0774 + state: directory + recurse: yes + + tags: + - security + when: + - filebeat_security + - install.changed \ No newline at end of file diff --git a/roles/wazuh/filebeat-oss/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat-oss/templates/elasticsearch.yml.j2 similarity index 100% rename from roles/wazuh/filebeat-oss/templates/elasticsearch.yml.j2 rename to roles/wazuh/ansible-filebeat-oss/templates/elasticsearch.yml.j2 diff --git a/roles/wazuh/filebeat-oss/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 similarity index 52% rename from roles/wazuh/filebeat-oss/templates/filebeat.yml.j2 rename to roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 index 747d2da6..67a99347 100644 --- a/roles/wazuh/filebeat-oss/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 
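Review bot: The private key `{{ inventory_hostname }}.key` is copied with `mode: 0644` and the following `Ensuring folder & certs permissions` task then recursively applies `mode: 0774` to `{{ filebeat_ssl_dir }}`, leaving the Filebeat client key world-readable and group-writable on the manager. Copy the `.key` item with `mode: "0600"` (the `.pem` items can stay 0644), give the directory `mode: "0750"` in the first `file:` task, and drop the recursive task, since one mode applied with `recurse: yes` erases the distinction between keys and certificates. The `install.changed` condition also means a later rotation of the certificates under `{{ local_certs_path }}` is never pushed to a host where Filebeat is already installed; a `certs` tag or a checksum comparison would allow redeployment.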
@@ -14,25 +14,18 @@ setup.template.json.name: 'wazuh' setup.template.overwrite: true setup.ilm.enabled: false - # Send events directly to Elasticsearch output.elasticsearch: hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} -{% if filebeat_opendistro_security %} - username: {{ elasticsearch_opendistro_security_user }} - password: {{ elasticsearch_opendistro_security_password }} +{% if filebeat_security %} + username: {{ elasticsearch_security_user }} + password: {{ elasticsearch_security_password }} protocol: https -{% if generate_CA == true %} - ssl.certificate_authorities: - - {{node_certs_destination}}/ca.crt -{% elif generate_CA == false %} ssl.certificate_authorities: - - {{node_certs_destination}}/{{ca_cert_name}} -{% endif %} - - ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" - ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key" + - {{ filebeat_ssl_dir }}/root-ca.pem + ssl.certificate: "{{ filebeat_ssl_dir }}/{{ inventory_hostname }}.pem" + ssl.key: "{{ filebeat_ssl_dir }}/{{ inventory_hostname }}.key" {% endif %} # Optional. Send events to Logstash instead of Elasticsearch diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md index ad588e64..416f7da0 100644 --- a/roles/wazuh/ansible-filebeat/README.md +++ b/roles/wazuh/ansible-filebeat/README.md @@ -28,7 +28,7 @@ Available variables are listed below, along with default values (see `defaults/m License and copyright --------------------- -WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) ### Based on previous work from geerlingguy diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index cc7de7bf..0f9c0021 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -1,5 +1,5 @@ --- -filebeat_version: 7.6.2 +filebeat_version: 7.7.0 filebeat_create_config: true @@ -22,10 +22,8 @@ filebeat_enable_logging: true filebeat_log_level: debug filebeat_log_dir: /var/log/mybeat filebeat_log_filename: mybeat.log - filebeat_ssl_dir: /etc/pki/filebeat filebeat_ssl_certificate_file: "" -filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml index d45b06e8..2b0b7eda 100644 --- a/roles/wazuh/ansible-filebeat/tasks/config.yml +++ b/roles/wazuh/ansible-filebeat/tasks/config.yml @@ -17,23 +17,4 @@ group: root mode: 0400 notify: restart filebeat - tags: configure - -- name: Ensure Filebeat SSL key pair directory exists. - file: - path: "{{ filebeat_ssl_dir }}" - state: directory - when: filebeat_ssl_key_file - tags: configure - -- name: Copy SSL key and cert for filebeat. - copy: - src: "{{ item }}" - dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" - mode: 0400 - with_items: - - "{{ filebeat_ssl_key_file }}" - - "{{ filebeat_ssl_certificate_file }}" - notify: restart filebeat - when: filebeat_ssl_key_file and filebeat_ssl_certificate_file - tags: configure + tags: configure \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 4948c252..3e47db37 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -76,7 +76,7 @@ dest: "{{ filebeat_module_package_path }}" when: not filebeat_module_folder.stat.exists -- name: Unpakcing Filebeat module package +- name: Unpack Filebeat module package unarchive: src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_destination }}" 
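Review bot: With the two SSL copy tasks removed from tasks/config.yml, nothing visible in this role still populates `filebeat_ssl_dir`, yet the defaults hunk on the same line keeps `filebeat_ssl_dir`, `filebeat_ssl_certificate_file: ""` and `filebeat_ssl_insecure: "false"` while dropping only `filebeat_ssl_key_file`. If the template no longer reads them either (it is outside this diff), remove them in the same commit; otherwise a reader of defaults/main.yml will assume the role still delivers TLS material. The trailing `\ No newline at end of file` on the final `+    tags: configure` is a regression relative to the removed version and is worth reverting.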
diff --git a/roles/wazuh/ansible-filebeat/tests/requirements.yml b/roles/wazuh/ansible-filebeat/tests/requirements.yml deleted file mode 100644 index 63d857e2..00000000 --- a/roles/wazuh/ansible-filebeat/tests/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- src: geerlingguy.java -- src: geerlingguy.elasticsearch diff --git a/roles/wazuh/ansible-filebeat/tests/test.yml b/roles/wazuh/ansible-filebeat/tests/test.yml deleted file mode 100644 index 3a4c8f21..00000000 --- a/roles/wazuh/ansible-filebeat/tests/test.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- hosts: all - - pre_tasks: - - name: Update apt cache. - apt: - cache_valid_time: 600 - when: ansible_os_family == 'Debian' - - - name: Install test dependencies (RedHat). - package: name=which state=present - when: ansible_os_family == 'RedHat' - - - name: Install test dependencies. - package: name=curl state=present - - roles: - - geerlingguy.java - - geerlingguy.elasticsearch - - role_under_test diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md index 199e7810..ac52363d 100644 --- a/roles/wazuh/ansible-wazuh-manager/README.md +++ b/roles/wazuh/ansible-wazuh-manager/README.md @@ -218,7 +218,7 @@ Including an example of how to use your role (for instance, with variables passe License and copyright --------------------- -WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) ### Based on previous work from dj-wasabi diff --git a/roles/wazuh/filebeat-oss/defaults/main.yml b/roles/wazuh/filebeat-oss/defaults/main.yml deleted file mode 100644 index 4ed76156..00000000 --- a/roles/wazuh/filebeat-oss/defaults/main.yml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -filebeat_version: 7.6.2 - -filebeat_create_config: true - -filebeat_prospectors: - - input_type: log - paths: - - "/var/ossec/logs/alerts/alerts.json" - document_type: json - json.message_key: log - json.keys_under_root: true - json.overwrite_keys: true - -filebeat_node_name: node-1 - -filebeat_output_elasticsearch_enabled: false -filebeat_output_elasticsearch_hosts: - - "localhost:9200" - -filebeat_enable_logging: true -filebeat_log_level: debug -filebeat_log_dir: /var/log/mybeat -filebeat_log_filename: mybeat.log - -filebeat_ssl_dir: /etc/pki/filebeat -filebeat_ssl_certificate_file: "" -filebeat_ssl_key_file: "" -filebeat_ssl_insecure: "false" - -filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat -filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz -filebeat_module_package_path: /tmp/ -filebeat_module_destination: /usr/share/filebeat/module -filebeat_module_folder: /usr/share/filebeat/module/wazuh - -# Opendistro Security -filebeat_opendistro_security: false - -elasticsearch_opendistro_security_user: elastic -elasticsearch_opendistro_security_password: elastic_pass - -node_certs_generator : false -node_certs_source: /usr/share/elasticsearch -node_certs_destination: /etc/filebeat/certs - - -# CA Generation -master_certs_path: /es_certs -generate_CA: true -ca_cert_name: "" - -elasticrepo: - apt: 'https://artifacts.elastic.co/packages/oss-7.x/apt' - yum: 'https://artifacts.elastic.co/packages/oss-7.x/yum' - gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/filebeat-oss/tasks/config.yml b/roles/wazuh/filebeat-oss/tasks/config.yml deleted file mode 100644 index d45b06e8..00000000 --- a/roles/wazuh/filebeat-oss/tasks/config.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- name: Copy Filebeat configuration. - template: - src: filebeat.yml.j2 - dest: "/etc/filebeat/filebeat.yml" - owner: root - group: root - mode: 0400 - notify: restart filebeat - tags: configure - -- name: Copy Elasticsearch template. - template: - src: elasticsearch.yml.j2 - dest: "/etc/filebeat/wazuh-template.json" - owner: root - group: root - mode: 0400 - notify: restart filebeat - tags: configure - -- name: Ensure Filebeat SSL key pair directory exists. - file: - path: "{{ filebeat_ssl_dir }}" - state: directory - when: filebeat_ssl_key_file - tags: configure - -- name: Copy SSL key and cert for filebeat. - copy: - src: "{{ item }}" - dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" - mode: 0400 - with_items: - - "{{ filebeat_ssl_key_file }}" - - "{{ filebeat_ssl_certificate_file }}" - notify: restart filebeat - when: filebeat_ssl_key_file and filebeat_ssl_certificate_file - tags: configure diff --git a/roles/wazuh/filebeat-oss/tasks/main.yml b/roles/wazuh/filebeat-oss/tasks/main.yml deleted file mode 100644 index df3a428b..00000000 --- a/roles/wazuh/filebeat-oss/tasks/main.yml +++ /dev/null 
@@ -1,125 +0,0 @@ ---- -- include_tasks: RedHat.yml - when: ansible_os_family == 'RedHat' - -- include_tasks: Debian.yml - when: ansible_os_family == 'Debian' - -- name: CentOS/RedHat | Install Filebeat. - package: name=filebeat-{{ filebeat_version }} state=present - register: filebeat_installing_package - until: filebeat_installing_package is succeeded - when: - - ansible_distribution in ['CentOS','RedHat', 'Amazon'] - tags: - - install - -- name: Debian/Ubuntu | Install Filebeat. - apt: - name: filebeat={{ filebeat_version }} - state: present - cache_valid_time: 3600 - register: filebeat_installing_package_debian - until: filebeat_installing_package_debian is succeeded - when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) - tags: - - init - -- name: Copying node's certificate from master - copy: - src: "{{ item }}" - dest: "{{ node_certs_destination }}/" - mode: 0440 - with_items: - - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" - - "{{ master_certs_path }}/ca/ca.crt" - when: - - generate_CA - - filebeat_opendistro_security - tags: opendistro-security - -- name: Copying node's certificate from master (Custom CA) - copy: - src: "{{ item }}" - dest: "{{ node_certs_destination }}/" - mode: 0440 - with_items: - - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" - - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" - when: - - not generate_CA - - filebeat_opendistro_security - tags: opendistro-security - -- name: Ensuring folder & certs permissions - file: - path: "{{ node_certs_destination }}/" - mode: 0774 - state: directory - recurse: yes - when: - - filebeat_xpack_security - tags: xpack-security - -- name: Checking if Filebeat Module folder file exists - stat: - path: "{{ filebeat_module_folder }}" - register: 
filebeat_module_folder - - -- name: Download Filebeat module package - get_url: - url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}" - dest: "{{ filebeat_module_package_path }}" - when: not filebeat_module_folder.stat.exists - -- name: Unpakcing Filebeat module package - unarchive: - src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" - dest: "{{ filebeat_module_destination }}" - remote_src: yes - when: not filebeat_module_folder.stat.exists - -- name: Setting 0755 permission for Filebeat module folder - file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes - when: not filebeat_module_folder.stat.exists - -- name: Checking if Filebeat Module package file exists - stat: - path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" - register: filebeat_module_package - when: filebeat_module_package is not defined - -- name: Delete Filebeat module package file - file: - state: absent - path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" - when: filebeat_module_package.stat.exists - -- import_tasks: config.yml - when: filebeat_create_config - notify: restart filebeat - -- name: Reload systemd - systemd: daemon_reload=yes - ignore_errors: true - when: - - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - -- name: Ensure Filebeat is started and enabled at boot. - service: - name: filebeat - state: started - enabled: true - -- include_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" - -- include_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" 
diff --git a/roles/wazuh/filebeat-oss/tasks/security_actions.yml b/roles/wazuh/filebeat-oss/tasks/security_actions.yml deleted file mode 100644 index 6b11bc9a..00000000 --- a/roles/wazuh/filebeat-oss/tasks/security_actions.yml +++ /dev/null @@ -1,11 +0,0 @@ -- block: - - - name: Copy certificates and root-ca to Filebeat - copy: - src: "{{ local_certs_path }}/config/{{ item }}" - dest: /etc/filebeat/ - mode: 0644 - with_items: - - root-ca.pem - - "{{ inventory_hostname }}.key" - - "{{ inventory_hostname }}.pem" \ No newline at end of file diff --git a/roles/wazuh/filebeat-oss/tests/requirements.yml b/roles/wazuh/filebeat-oss/tests/requirements.yml deleted file mode 100644 index 63d857e2..00000000 --- a/roles/wazuh/filebeat-oss/tests/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- src: geerlingguy.java -- src: geerlingguy.elasticsearch diff --git a/roles/wazuh/filebeat-oss/tests/test.yml b/roles/wazuh/filebeat-oss/tests/test.yml deleted file mode 100644 index 3a4c8f21..00000000 --- a/roles/wazuh/filebeat-oss/tests/test.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- hosts: all - - pre_tasks: - - name: Update apt cache. - apt: - cache_valid_time: 600 - when: ansible_os_family == 'Debian' - - - name: Install test dependencies (RedHat). - package: name=which state=present - when: ansible_os_family == 'RedHat' - - - name: Install test dependencies. - package: name=curl state=present - - roles: - - geerlingguy.java - - geerlingguy.elasticsearch - - role_under_test